Legal

Privacy Policy

Effective 5 June 2026

This Privacy Policy explains how Surge Cards ("we", "us", "our") collects, uses, and protects your information when you use surge.cards and the Surge Cards app (together, the "Service"). Surge Cards is operated by Lukas Peter Genis, a sole trader based in Australia. We serve customers internationally, including in the United States.

1. Information we collect

• Account information — your email address. We sign you in with one-time email codes, so we never ask for or store a password.
• Your ledger & app data — the card entries, prices, dates, notes, certificate numbers, watchlist items, and preferences (display currency, timezone, theme, default fees and shipping) you add to the Service.
• Usage data — counts of features you use (for example, daily price lookups) to enforce plan limits, a short history of your recent lookups, and anonymous, aggregate in-app usage (such as which sections you spend time in) that we collect first-party to understand how the Service is used and improve it. We never sell this data or share it with third-party advertisers.
• Payment information — when you subscribe to a paid plan, payments are handled by Stripe. We receive limited billing details such as your subscription status and a customer reference, but we do not collect or store your full card number — Stripe does that.
• Technical data — standard server and security logs, including IP address and browser type, used to operate and protect the Service.
• Messages — if you contact us (for example, via the contact form), we receive your name, email, and message.

2. How we use your information

• To provide and operate the Service — your ledger, price lookups, watchlist, and dashboards.
• To sign you in and keep your session secure.
• To process payments and manage your subscription.
• To enforce plan limits and prevent abuse.
• To respond to your messages and provide support.
• To maintain the security, integrity, and reliability of the Service.
• To meet our legal and accounting obligations.

3. How we share your information

We do not sell your personal information. We share it only with the service providers that help us run Surge Cards, and only as needed:

• Stripe — payment processing and subscription billing.
• Railway — cloud hosting for the application and database.
• Cloudflare — secure delivery and protection of the website.
• Our email delivery provider — to send your sign-in codes and reply to enquiries.

We may also disclose information if required by law, or to protect the rights, safety, and security of Surge Cards, our users, or others. The market-price estimates shown in the Service are generated from publicly available sales data and do not involve sharing your personal information.

4. Where your data is stored

Surge Cards is operated from Australia and hosted on secure cloud infrastructure provided by Railway, with your data stored and processed on servers located in the United States. Because Surge Cards serves customers internationally, your information may be transferred to, stored, and processed in countries other than the one you live in. By using the Service, you consent to these transfers, which we protect using appropriate safeguards.

5. Data retention

We keep your information for as long as your account is active or as needed to provide the Service. You can delete your account at any time from your account settings, which removes your personal data from our active systems. Some records may be retained where required for legal, accounting, or fraud-prevention purposes (for example, payment records held by Stripe).

6. Security

We protect your account with passwordless one-time codes, encrypted connections, and standard security practices, and we limit who can access your data. No method of storage or transmission is ever 100% secure, but we work hard to protect your information.

7. Your rights

Depending on where you live, you may have the right to access, correct, or delete your personal information, or to object to or restrict certain uses of it. You can manage much of your data directly in the app, or email us at [email protected] and we'll help. If you're in the United States, you may have additional rights under your state's privacy laws (such as the California Consumer Privacy Act) — including the right to know what personal information we collect and to request its deletion — and we don't sell your personal information. Australian users can read more about their rights under the Privacy Act 1988 (Cth) on the OAIC website.

8. Cookies

We use a small number of essential cookies — primarily to keep you signed in. We don't use them to track you across other websites.

9. Children

Surge Cards isn't directed to children under 16, and we don't knowingly collect their personal information. If you believe a child has provided us information, contact us and we'll remove it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We'll post the new version here and update the effective date, and we may notify you of significant changes by email.

11. Contact

Questions about this policy or your data? Email us at [email protected].